{"affected":[{"ecosystem_specific":{"binaries":[{"gh":"2.53.0-bp156.2.6.1","gh-bash-completion":"2.53.0-bp156.2.6.1","gh-fish-completion":"2.53.0-bp156.2.6.1","gh-zsh-completion":"2.53.0-bp156.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"gh","purl":"pkg:rpm/suse/gh&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.0-bp156.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gh":"2.53.0-bp156.2.6.1","gh-bash-completion":"2.53.0-bp156.2.6.1","gh-fish-completion":"2.53.0-bp156.2.6.1","gh-zsh-completion":"2.53.0-bp156.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"gh","purl":"pkg:rpm/opensuse/gh&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.0-bp156.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gh fixes the following issues:\n\nUpdate to version 2.53.0:\n\n  * CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)\n\n  * Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928\n  * Rename package directory and files\n  * Rename package name to `update_branch`\n  * Rename `gh pr update` to `gh pr update-branch`\n  * Add test case for merge conflict error\n  * Handle merge conflict error\n  * Return error if PR is not mergeable\n  * Replace literals with consts for `Mergeable` field values\n  * Add separate type for `PullRequest.Mergeable` field\n  * Remove unused flag\n  * Print message on stdout instead of stderr\n  * Raise error if editor is used in non-tty mode\n  * Add tests for JSON field support on issue and pr view commands\n  * docs: Update documentation for `gh repo create` to clarify owner\n  * Ensure PR does not panic when stateReason is requested\n  * Enable to use --web even though editor is enabled by config\n  * Add editor hint message\n  * Use prefer_editor_prompt config by `issue create`\n  * Add prefer_editor_prompt config\n  * Add `issue create --editor`\n  * Update create.go\n  * gh attestation trusted-root subcommand (#9206)\n  * Fetch variable selected repo relationship when required\n  * Add `createdAt` field to tests\n  * Add `createdAt` field to `Variable` type\n  * Add test for exporting as JSON\n  * Add test for JSON output\n  * Only populate selected repo information for JSON output\n  * Add test to verify JSON exporter gets set\n  * Add `--json` option support\n  * Use `Variable` type defined in `shared` package\n  * Add tests for JSON output\n  * Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared\n  * Fix query parameter name\n  * Update tests to account for ref comparison step\n  * Improve query variable names\n  * Check if PR branch is already up-to-date\n  * Add `ComparePullRequestBaseBranchWith` function\n  * Run `go mod tidy`\n  * Add test to verify `--repo` requires non-empty selector\n  * Require non-empty selector when `--repo` override is used\n  * Run `go mod tidy`\n  * Register `update` command\n  * Add tests for `pr update` command\n  * Add `pr update` command\n  * Add `UpdatePullRequestBranch` method\n  * Upgrade `shurcooL/githubv4`\n\nUpdate to version 2.52.0:\n\n  * Attestation Verification - Buffer Fix\n  * Remove beta note from attestation top level command\n  * Removed beta note from `gh at download`.\n  * Removed beta note from `gh at verify`, clarified reusable workflows use case.\n  * add `-a` flag to `gh run list`\n","id":"openSUSE-SU-2024:0226-1","modified":"2024-07-27T04:01:34Z","published":"2024-07-27T04:01:34Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JZM3Q2GOCY2XWQUP7VK2V2KZENX5UIAN/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227035"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6104"}],"related":["CVE-2024-6104"],"summary":"Security update for gh","upstream":["CVE-2024-6104"]}